The user has to access via Active Directory authentication when inside the Company's premises, and when outside the Company the access will be via a login and password queried in a SQL Server database.
In the case of access via AD the configuration of web.config should be as follows:
<authentication mode="Windows" />
<authorization>
  <deny users="?" />
</authorization>
In the code of the Index page I would do something like this to identify the user (I don’t know if it’s enough):
var usuario = User.Identity.Name;
if (usuario != "") {
    // Access granted
} else {
    return RedirectToAction("Tela_de_Login");
}
And for authentication via a SQL Server query I would do this:
<authentication mode="Forms">
  <forms loginUrl="/Usuario/Login" timeout="2800"></forms>
</authentication>
Questions:
Will there be any conflict if I implement these two Web.config settings?
How can the system know whether the user is accessing from inside the Company’s domain or via the Web, that is, from outside the Company’s domain?
Note: I know that some settings should be made in IIS as well.
@Adriansuv: Would the same user have two different forms of authentication, stored in different environments? Does this make sense? // Why not always authenticate against AD, even if the user is outside? // Couldn't external access be via VPN?
– José Diz
No, external access must be through any computer via browser.
– hard123
The system in the company where I work works like this. You have to use Forms Authentication, but in Global.asax you place an event at the end of the request to check whether the Response is a 302 (i.e., user not authorized/authenticated, which would normally redirect to the login page), and then you change the HTTP response code to 401 if you detect that the client is inside the network (thus forcing the browser to negotiate Windows credentials for authentication). However, I would never use the AD user to log into the DB, but that is up to each company.
– Alisson
Got it @Alisson, so far your suggestion is the closest to what I’m looking for and I believe it will work, thanks for the answer. But in your comment there is no AD user; what exists is the user who is logged in to the machine, and that can be any user, for example Joao.silva of Commercial or ana maria of Marketing. Is that what we’re talking about?
– hard123
Usually on an enterprise network the user who is logged in to the machine has to have a user in AD, that is, there is an AD user. In this application, will only AD users be able to authenticate, or will an external user (e.g., a client/supplier) be able to authenticate with user and password, without having a user in AD?
– Alisson
Correct, @Alisson! It was just a misinterpretation on my part about the AD user. As soon as I implement it I will give feedback.
– hard123
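
The Global.asax approach described in Alisson's comment, as an added example (not code posted by anyone in the thread). The internal address ranges and the `IsInternal`/`InPrefix` helpers are hypothetical, and it assumes IIS has Windows Authentication enabled alongside Forms Authentication so that the 401 carries the Windows challenge.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Web;
using System.Web.Security;

public class MvcApplication : HttpApplication
{
    // Assumption: the company's internal ranges as (network, prefix length) pairs; constructed sample values.
    private static readonly Tuple<IPAddress, int>[] InternalNetworks =
    {
        Tuple.Create(IPAddress.Parse("10.0.0.0"), 8),
        Tuple.Create(IPAddress.Parse("192.168.0.0"), 16),
    };

    protected void Application_EndRequest(object sender, EventArgs e)
    {
        // Only touch the redirect that Forms Authentication issues toward the login page.
        if (Response.StatusCode != 302) return;
        string location = Response.RedirectLocation ?? "";
        if (!location.StartsWith(FormsAuthentication.LoginUrl, StringComparison.OrdinalIgnoreCase)) return;
        // Use the TCP peer address; headers such as X-Forwarded-For are client-controlled.
        IPAddress client;
        if (!IPAddress.TryParse(Request.UserHostAddress, out client) || !IsInternal(client)) return;
        // Internal client: answer 401 instead of 302 so the browser negotiates Windows credentials.
        Response.ClearContent();
        Response.RedirectLocation = null;
        Response.StatusCode = 401;
    }

    private static bool IsInternal(IPAddress address)
    {
        if (IPAddress.IsLoopback(address)) return true;
        byte[] addr = address.GetAddressBytes();
        return InternalNetworks.Any(net => InPrefix(addr, net.Item1.GetAddressBytes(), net.Item2));
    }

    private static bool InPrefix(byte[] addr, byte[] network, int prefixBits)
    {
        if (addr.Length != network.Length) return false; // IPv4 vs IPv6 mismatch
        for (int i = 0; i < prefixBits; i++)
        {
            int mask = 0x80 >> (i % 8);
            if ((addr[i / 8] & mask) != (network[i / 8] & mask)) return false;
        }
        return true;
    }
}
```

The address check only selects which challenge the browser receives; it authenticates no one, so the application still has to authorize whichever identity results. Behind a reverse proxy `UserHostAddress` is the proxy's address, so the check would need the proxy to pass the client address over a channel it controls.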